Creating a Parameter Store parameter using Tools for Windows PowerShell
You can use AWS Tools for Windows PowerShell to create String, StringList, and SecureString
parameter types. After deleting a parameter, wait for at least 30 seconds to
create a parameter with the same name.
Parameters can't be referenced or nested in the values of other
parameters. You can't include {{}} or {{ssm:
in a parameter value.parameter-name}}
Note
Parameters are only available in the AWS Region where they were created.
Topics
Creating a String parameter (Tools for Windows PowerShell)
Install and configure the AWS Tools for PowerShell (Tools for Windows PowerShell), if you haven't already.
For information, see Installing the AWS Tools for PowerShell.
-
Run the following command to create a parameter that contains a plain text value. Replace each
example resource placeholderwith your own information.Write-SSMParameter ` -Name "parameter-name" ` -Value "parameter-value" ` -Type "String"-or-
Run the following command to create a parameter that contains an Amazon Machine Image (AMI) ID as the parameter value.
Note
To create a parameter with a tag, create the service.model.tag before hand as a variable. Here is an example.
$tag = New-Object Amazon.SimpleSystemsManagement.Model.Tag $tag.Key = "tag-key" $tag.Value = "tag-value"Write-SSMParameter ` -Name "parameter-name" ` -Value "an-AMI-id" ` -Type "String" ` -DataType "aws:ec2:image" ` -Tags $tagThe
-DataTypeoption must be specified only if you are creating a parameter that contains an AMI ID. For all other parameters, the default data type istext. For more information, see Using native parameter support in Parameter Store for Amazon Machine Image IDs.Here is an example that uses a parameter hierarchy.
Write-SSMParameter ` -Name "/IAD/Web/SQL/IPaddress" ` -Value "99.99.99.999" ` -Type "String" ` -Tags $tag -
Run the following command to verify the details of the parameter.
(Get-SSMParameterValue -Name "the-parameter-name-you-specified").Parameters
Creating a StringList parameter (Tools for Windows PowerShell)
Install and configure the AWS Tools for PowerShell (Tools for Windows PowerShell), if you haven't already.
For information, see Installing the AWS Tools for PowerShell.
-
Run the following command to create a StringList parameter. Replace each
example resource placeholderwith your own information.Note
To create a parameter with a tag, create the service.model.tag before hand as a variable. Here is an example.
$tag = New-Object Amazon.SimpleSystemsManagement.Model.Tag $tag.Key = "tag-key" $tag.Value = "tag-value"Write-SSMParameter ` -Name "parameter-name" ` -Value "a-comma-separated-list-of-values" ` -Type "StringList" ` -Tags $tagIf successful, the command returns the version number of the parameter.
Here is an example.
Write-SSMParameter ` -Name "stringlist-parameter" ` -Value "Milana,Mariana,Mark,Miguel" ` -Type "StringList" ` -Tags $tagNote
Items in a
StringListmust be separated by a comma (,). You can't use other punctuation or special characters to escape items in the list. If you have a parameter value that requires a comma, then use theStringtype. -
Run the following command to verify the details of the parameter.
(Get-SSMParameterValue -Name "the-parameter-name-you-specified").Parameters
Creating a SecureString parameter (Tools for Windows PowerShell)
Before you create a SecureString parameter, read about the
requirements for this type of parameter. For more information, see Creating a SecureString
parameter using the AWS CLI.
Important
Only the value of a SecureString parameter is encrypted.
Parameter names, descriptions, and other properties aren't encrypted.
Important
Parameter Store only supports symmetric encryption KMS keys. You can't use an asymmetric encryption KMS key to encrypt your parameters. For help determining whether a KMS key is symmetric or asymmetric, see Identifying symmetric and asymmetric KMS keys in the AWS Key Management Service Developer Guide
Install and configure the AWS Tools for PowerShell (Tools for Windows PowerShell), if you haven't already.
For information, see Installing the AWS Tools for PowerShell.
-
Run the following command to create a parameter. Replace each
example resource placeholderwith your own information.Note
To create a parameter with a tag, first create the service.model.tag as a variable. Here is an example.
$tag = New-Object Amazon.SimpleSystemsManagement.Model.Tag $tag.Key = "tag-key" $tag.Value = "tag-value"Write-SSMParameter ` -Name "parameter-name" ` -Value "parameter-value" ` -Type "SecureString" ` -KeyId "an AWS KMS key ID, an AWS KMS key ARN, an alias name, or an alias ARN" ` -Tags $tagIf successful, the command returns the version number of the parameter.
Note
To use the AWS managed key assigned to your account, remove the
-KeyIdparameter from the command.Here is an example that uses an obfuscated name (3l3vat3131) for a password parameter and an AWS managed key.
Write-SSMParameter ` -Name "/Finance/Payroll/3l3vat3131" ` -Value "P@sSwW)rd" ` -Type "SecureString"` -Tags $tag -
Run the following command to verify the details of the parameter.
(Get-SSMParameterValue -Name "the-parameter-name-you-specified" –WithDecryption $true).Parameters
By default, all SecureString values are displayed as
cipher-text. To decrypt a SecureString value, a user must have
permission to call the AWS KMS Decrypt API operation. For information about configuring AWS KMS
access control, see Authentication and Access Control for AWS KMS in the
AWS Key Management Service Developer Guide.
Important
If you change the KMS key alias for the KMS key used to encrypt a parameter, then you must also update the key alias the parameter uses to reference AWS KMS. This only applies to the KMS key alias; the key ID that an alias attaches to stays the same unless you delete the whole key.
